Which AntiVirus Has the Best (and Worst) Protection?

Internet security suites have become exceedingly complex over recent years. That’s partly due to the ever-increasing number of vectors via which hackers and malware attack. It’s also due to feature-bloat, as anti-virus vendors add new bells and whistles to differentiate their products. But one bedrock feature of a security suite remains the same: how well does it detect virus-infected files? Here are some real-world test results you won't want to miss...

Anti-Virus Programs Tested by Independent Labs

The uber-geeks at antivirus testing organization AV-Comparatives.org look at this fundamental question twice a year. Their latest test, reported in October 2012, threw an army of 240,000 virus-infected files at twenty anti-malware programs. The detection rates of all contenders were ranked and grouped.

The winners in the detection test were G Data and AVIRA, both with almost perfect infection detection scores of 99.9% and 99.8%, respectively. Other programs that detected more than 99% of infected files include Panda, Trend Micro, F-Secure, Kaspersky, BitDefender, BullGuard, Fortinet, and eScan. McAfee (98.8%), Sophos (98.7%), Avast (98.6%), and AVG (98.0%) all scored respectably well.

The worst performers by detection rate (less than 95%) included Microsoft Security Essentials, PC Tools, and Webroot. The last was an extraordinary failure, detecting less than 80% of infected files.

It's Not an Oxymoron...

False positives – flagging a non-infected file as infected – are almost as bad as false negatives (failing to detect an infected file). False positives can lead to deletion of legitimate files that the operating system or application program needs in order to function. AV-Comparatives also measured the false positives rates of the twenty contenders.

The lowest rates of false positives were found in Microsoft Security Essentials, ESET, Kaspersky, and Trend Micro. The highest (worst) false positive rates were racked up by G Data, GFI Vipre, AVG, and Webroot. But again, Webroot was off the chart compared to the others, and not in a good way.

Taking detection rates and false positives into account, AV-Comparatives ranked all of the twenty contenders. The programs that won ADVANCED+ (three star) awards include AVIRA, Trend Micro, F-Secure, Kaspersky, BitDefender, BullGuard, Fortinet, eScan, McAfee, and Avast. Programs that failed miserably include AhnLab and Webroot; they were diplomatically rated as “tested.”

Detection Is Good, Removal Is Better

It's of course very important that your anti-malware program has the ability to detect the most common samples of malware that are currently in the wilds of cyberspace. But that's only half of the problem. You want to get rid of that stuff, too.

These tests looked only at virus detection, false positives and the ability of the tools to remove infections. For the last of these, the AV-Comparatives lab tested how well these programs do at removing malware and cleaning up the mess it can make. To do so, they chose eleven samples of malware (trojan horses, rootkits, viruses and worms), infected a pristine Windows 7 PC, and ran the anti-virus tools as a typical home user would, in an attempt to remove the infection.

The products were rated on a scale of 0 to 100, depending on their performance at removing the malware samples. Kaspersky and Bitdefender both scored a 94, while Panda scored 86. This earned all three of them an ADVANCED+ rating. Both PC Tools and BullGuard registered marks of 79, for an ADVANCED rating. The worst performers in the removal tests were AVG (76) and Avast (59), earning the STANDARD rating.

Keep in mind these scores are not percentages. Rather, they are numbers based on a scoring formula that's described in the malware removal test. It's also worth noting that the report states that "most AV vendors have by now already addressed and fixed the next releases of their products based on our findings."

In addition to detection and removal, there are many other aspects of online security, including anti-phishing and detection of rogue Web sites. A program’s ease of use, consumption of system resources, and other factors also come into play. AV-TEST.org is another anti-virus performance and testing lab that always has interesting reports. Each year in February, they announce their AV-TEST AWARDS FOR BEST PROTECTION, REPAIR and USABILITY. You can see last year's results here.

It's very difficult to quantify which internet security program is "best" because of the many factors to consider. Your usage patterns and awareness also come into play. But at least we have some idea of which programs are best and worst at the basic job of stopping viruses and other nasty online threats.

Your thoughts on this topic are welcome. Post your comment or question below...

Most recent comments on "Which AntiVirus Has the Best (and Worst) Protection?"

I'm still happy enough with the free Panda, which I've used almost since it was a beta. But I do also run Malwarebytes about once a week, and Spybot about once a month, usually over a dinner break when nothing else is happening.

But I dare say much of my nearly 100% freedom from infections is caused by the fact my computer doesn't often visit dodgy sites and I'm not a compulsive clicker of unexpected and unwanted pop-ups ;-)

Gyppo

Posted by:
Frank Verano
20 Nov 2012

Such studies are useful, though not inherently thorough. 'A' may not catch them all nor 'B' nor 'C' nor 'D,' etc. But maybe A + C or C + D, for example might. I'd like that kind of study. Now personally I use MSSE and keep Malwarebytes and Spybot on the side to use as necessary and this has worked fine (for years so far). And they are both free too.

Posted by:
Stuart Fraser.
20 Nov 2012

What about Advanced SystemCare with Antivirus 2013, do you have any views on this one Bob, it seems to do a lot, had it for some time now, no problems so far.

In 2010 Bob wrote an article about running multiple antivirus programs at the same time. It would be nice if AV-Comparatives and AV-TEST extended their testing to produce some rigorous results and see how well multiple packages "play together". Perhaps they could use their top picks (ADVANCED +) and pair them up. Performance (boot time) and other performance metrics (not just detection and removal) would be key factors.

Posted by:
Bob Collie
20 Nov 2012

My concern with what is best is that every year there is a best and worst, but I want to know what is most consistent over the years.
I've gone with half dozen over the years. I'm told there is better so I switch. Money, money, money and dragging anchors.
Free programs dragged even worse until I settled on Microsoft SE. Now I'm told it sucks.

Posted by:
Buffet
20 Nov 2012

I always thought NOD32 was the best??

Posted by:
Peter
20 Nov 2012

Hi Bob: Conspicuously absent from these tests is ESET NOD32 AntiVirus, a program that is very highly rated by experienced purchasers on NewEgg's web site. I have been using version 4 on two computers for over 6 months with outstanding results so far. Do you have any experience or comments about this application to share with us?

EDITOR'S NOTE: That's incorrect, ESET NOD32 was rated in the test. It just didn't do very well.

Posted by:
chris
21 Nov 2012

I have two:
1. there seems to be a correlation between the highest detection rates and false positives of viruses.
2. this is one tester's opinion, would you buy an expensive car based on a single report by an auto "expert"? Personally, I'm somewhat dismayed at MSE's poor performance, as it is the "default" protection for many users. Bob, you personally recommended Malwarebytes less than a year ago. Hmmmmnn.

EDITOR'S NOTE: I still recommend MBAM, but as a secondary on-demand scanner. I'm not sure if MBAM Pro is ready for prime time as a first line of defense, so I don't recommend it as such.

Posted by:
Ken
21 Nov 2012

Bob is reporting the results of av-comparatives tests. He doesn't control what programs are tested. Go to av-comparatives.org for reasons why Norton wasn't included in testing.

Posted by:
Ihor Prociuk
21 Nov 2012

If you read AV-Comparatives' methodology document (even though it may be out-of-date), it's up to the antivirus software vendor if they want to participate in the test. The tester (AV-Comparatives) also has the right to reject a vendor. They also limit their testing to 20 internationally recognized products. I would think that would qualify Symantec so it's not clear why they're not in the report.

Symantec is evaluated in the AV-TEST.org report of May-June/2012 for Windows 7.

Posted by:
Nahoka Bravewolf
21 Nov 2012

I saw an old black & white western movie many years ago - I'm 70 - about a new doctor in town, who wasn't getting much business. So, he went about introducing non-fatal diseases in people's water wells and store-bought foods. It wasn't long until he had more business than he could handle. Since he knew what diseases his patients had it wasn't difficult to cure them. I have often wondered about all these antivirus software makers who may be "introducing" viruses in much the same manner. What a way to drum up some business. Just saying...

Posted by:
Nezzar
21 Nov 2012

Scott: I agree with your grievance. Webroot was highly recommended on this site, previously; yet, it bombed in these tests. Who knows what to do???
Nezzar

Posted by:
Rich A
21 Nov 2012

I'm no pro ..... but anytime I meet someone who makes a living using computers, I love to ask them about their AV/Malware protection choices ...... AND just like most of these testing sites, "They are all over the map" .... My next door neighbor is an IT Supervisor for Emergency Medical Services (in a large Metro Area), he says "Norton" ..... I ask him about AVG and/or MSE .... He laughed, followed by, "Are you serious?" .... but I use MSE on my NET Book ..... it's been clean as a whistle.

EDITOR'S NOTE: To a certain degree, it's a bit analogous to buying tires. If you buy the most expensive, highest-rated radial snow tires, but you never go out when the roads are bad, well then you probably won't have an accident. But was it those awesome tires that protected you? Same thing with anti-virus... if you never do anything but email and casual browsing on well-known sites, you're not likely to encounter the nasties that are lurking in some of the dark corners of the Web.

Posted by:
Bob Rankin
21 Nov 2012

Why no Norton? Here you have it. A rep from AV-Comparatives sent me this link, explaining that Symantec refused to participate in the test.

There's also a link to send comments to Symantec about their decision.

Posted by:
Ihor Prociuk
21 Nov 2012

It's strange that Norton opted out of the AV-Comparatives' "File Detection Test" but DID participate in AV-TEST's May-June/2012 Windows 7 test which features: "Detection of a representative set of malware discovered in the last 2-3 months (AV-TEST reference set); Detection of widespread and prevalent malware (according to AV-TEST data)". I'm not sure if the two tests are equivalent.

I have nothing against Symantec. In fact, I've used it for several years without problems on my main computer. I did have a rootkit problem a few years back on a mini notebook I also have.

I agree with Bob: read the reports carefully and thoroughly and select the product that meets your specific situation. Be prepared to switch if your situation changes or a better product comes along.

Posted by:
Linda
21 Nov 2012

Hi, I have been using Webroot and after reading your review I uninstalled it and selected a free trial of Vipre. Your No 1 pick on the list. My system was completely locked down from the moment I tried to run a scan. After many hours I was able to do a system restore in safe mode to remove it. It would not uninstall or let me access control panel or anything. I have my Webroot back now and my machine is running perfectly again. Do I now choose your pick no 2, or is that a problem too? Please advise.

Posted by:
Zedbeat
26 Nov 2012

I have been using the free version of Avast for several years with no major issues. I was intrigued by the superior performance ratings profiled in this report. After doing some additional checking I decided to purchase BitDefender 13 Total Security and installed it on 3 machines as allowed by the contract. It seems to work well, even impressively on the 2 32 bit Win7 machines. On my Win7 64bit I have had major issues. After booting it works fine for a while and then it will freeze my pc - not allowing any input - i.e. can't start new programs. I've put in a help request to Bitdefender - no reply as of sending late last night. This experience reminded me strongly of the old adage IF IT AIN'T BROKE DON'T FIX IT.

Posted by:
Mary Ann
01 Dec 2012

I was at Best Buy today looking at Win8 models and the salesman recommended WEBROOT! They were also selling Kaspersky.

He also said McAfee won't run on Win8 machines.

Posted by:
Bob K.
02 Jan 2013

Today's NYT article explains why the deluge of new malware makes the AV guys fall behind faster than the 'bad guys' pump out more ..
1 million in 2000 and 49 million now..!!

A lot of these comments ask about Norton. Norton is a resource hog. It will slow a computer down and doesn't really work that well. I have a friend who was running Norton and told me one night that it had detected three viruses on his computer, but could not remove them. I asked him what they were and the next night he gave me a screen print of the message. I went to McAfee's website to see if they had manual removal instructions for them. I received a message saying that their current engine and data files would remove them. So, I told him that and set up a time to meet him at his house and took my old McAfee disk with me. I removed Norton and installed McAfee on his system. McAfee does a scan before it installs and my old disk detected all three and removed them. So he went to McAfee's website and bought the new version and updated the old one. McAfee is not a resource hog and does not slow the system down. I currently use Trend Small Business Client / Server and have no problems with it. I had to redo this system because Windows was messing up so I need to put MalwareBytes back on it, but it never found anything that Trend did not catch.
